REMARKS 

The Office Action dated December 15, 2004, has been carefully reviewed 
and the foregoing amendment has been made in response thereto. Claims 13-20 have 
been canceled. Claims 21-26 are newly added. Claims 1-12 and 21-26 are pending in 
the application. 

The rejection of claims 1-4 and 7-10 imder 35 USC 102(e) as being 
anticipated by Alegre et al is respectfully traversed. In the method and system of 
claims 1 and 7, an object associated with the Session ID is stored dynamically in a 
directory on a directory server coupled with the authorization server. The directory 
server permits other computer applications launched by the computer user to reference 
the Session ID on the user's computer. The other computer apphcations access the 
object for the computer user on the directory server to authenticate or authorize the 
user for the other computer applications. The ability of additional applications to 
authenticate or authorize directly with the directory server achieves important 
advantages such as reducing network overhead. 

Alegre et al fails to teach all the claimed limitations or their equivalents. 
Alegre et al attempts to increase security for data on a trusted network by using a key 
that must be present with each and every request for information received from the 
remote user. Not only must the key be present with the request, but after being passed 
through a dmz web server the request must be handled by an access server in the 
trusted network which verifies the validity of the key by checking with the key server. 
The key checking of Alegre et al requires two objects (a speaker object and a listener 
object) for validating the key within each request. Since a network application that 
may be accessed by a user in Alegre et al cannot directly authenticate to a directory 
server containing an object with the user's authentication information, for every access 
to the network the speaker object, the listener object, the access server, and the key 
server must all be invoked. The user information retrieved by the access server does 
not persist (i.e., is not stored) in the listener object for any subsequent data request 
from the remote user. When a subsequent request is received, Alegre et al repeats the 
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exact same key checking process even if the request is a repeat request for the same 
data already retrieved with the same key. Thus, Alegre et al fails to teach a directory 
server that permits other computer applications launched by the computer user to 
reference the Session ID on the user's computer, followed by the other computer 
applications accessing the object for the computer user on the directory server to 
authenticate or authorize the user for the other computer applications. Therefore, 
claims 1 and 7 are allowable over Alegre et al. 

Claims 2, 3, 8, and 9 are allowable as further limiting patentable claims 1 

and 7. 

Claims 4 and 10 recite that the Session ID is based on a date on which the 
computer user launched the computer application, a time in which the computer user 
launched the computer application, a TCP/IP address of the computer user, or a user 
name of the computer user. Alegre et al suggests only a 64-bit or larger random 
number for use as a session key (column 6, lines 56-59). Therefore, claims 4 and 10 
are not anticipated by Alegre et al. 

The rejection of claims 5,6, 11, and 12 under 35 USC 103(a) as being 
unpatentable over Alegre et al in view of Hartman et al is respectfully traversed. 
Hartman fails to correct for the deficiencies in Alegre. Therefore, claims 5, 6, 11, and 
12 are allowable. 

New claims 21-26 further specify dynamic directory services used by the 
other applications to access the object stored in the directory server. These are neither 
shown nor suggested by any cited references, and claims 21-26 are likewise allowable. 

In view of the foregoing amendment and remarks, claims 1-12 and 21-26 
are now in condition for allowance. Favorable action is respectfully solicited. 



Respectfully submitted, 




Mark L. MoUon 
Attorney for Applicant(s) 
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